Detecting Software Defects in Telecom Applications Through Lightweight Static Analysis: A War Story

  • Tobias Lindahl
  • Konstantinos Sagonas
Part of the Lecture Notes in Computer Science book series (LNCS, volume 3302)


In safety-critical and high-reliability systems, software development and maintenance are costly endeavors. The cost can be reduced if software errors can be identified through automatic tools such as program analyzers and compile-time software checkers. To this effect, this paper describes the architecture and implementation of a software tool that uses lightweight static analysis to detect discrepancies (i.e., software defects such as exception-raising code or hidden failures) in large commercial telecom applications written in Erlang. Our tool, starting from virtual machine bytecode, discovers, tracks, and propagates type information which is often implicit in Erlang programs, and reports warnings when a variety of type errors and other software discrepancies are identified. Since the analysis currently starts from bytecode, it is completely automatic and does not rely on any user annotations. Moreover, it is effective in identifying software defects even in cases where source code is not available, and more specifically in legacy software which is often employed in high-reliability systems in operation, such as telecom switches. We have applied our tool to a handful of real-world applications, each consisting of several hundred thousand lines of code, and describe our experiences and the effectiveness of our techniques.


Compile-time program checking software development software tools defect detection software quality assurance 


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Armstrong, J., Virding, R., Wikström, C., Williams, M.: Concurrent Programming in Erlang, 2nd edn. Prentice Hall Europe, Herfordshire (1996)zbMATHGoogle Scholar
  2. 2.
    Blau, S., Rooth, J.: AXD 301—A new generation ATM switching system. Ericsson Review 75(1), 10–17 (1998)Google Scholar
  3. 3.
    Cytron, R., Ferrante, J., Rosen, B.K., Wegman, M.N., Zadeck, F.K.: Efficiently computing static single assignment form and the control dependence graph. ACM Trans. Prog. Lang. Syst. 13(4), 451–490 (1991)CrossRefGoogle Scholar
  4. 4.
    Dor, N., Rodeh, M., Sagiv, M.: CSSV: Towards a realistic tool for statically detecting all buffer overflows in C. In: Proceedings of the ACM SIGPLAN 2003 Conference on Programming Language Design and Implementation, pp. 155–167. ACM Press, New York (2003)CrossRefGoogle Scholar
  5. 5.
    Engler, D., Musuvathi, M.: Static analysis versus software model checking for bug finding. In: Steffen, B., Levi, G. (eds.) VMCAI 2004. LNCS, vol. 2937, pp. 191–210. Springer, Heidelberg (2004)CrossRefGoogle Scholar
  6. 6.
    Evans, D., Larochelle, D.: Improving security using extensible lightweight static analysis. IEEE Software 19(1), 42–51 (2002)CrossRefGoogle Scholar
  7. 7.
    Findler, R.B., Clements, J., Flanagan, C., Flatt, M., Krishnamurthi, S., Steckler, P., Felleisen, M.: DrScheme: A programming environment for Scheme. Journal of Functional Programming 12(2), 159–182 (2002)CrossRefzbMATHGoogle Scholar
  8. 8.
    Flanagan, C., Leino, K.R.M., Lillibridge, M., Nelson, G., Saxe, J.B., Stata, R.: Extended static checking for Java. In: Proceedings of the ACM SIGPLAN 2002 Conference on Programming Language Design and Implementation, pp. 234–245. ACM Press, New York (2002)CrossRefGoogle Scholar
  9. 9.
    Hermenegildo, M.V., Puebla, G., Bueno, F., López-García, P.: Program development using abstract interpretation (and the Ciao system preprocessor). In: Cousot, R. (ed.) SAS 2003. LNCS, vol. 2694, pp. 127–152. Springer, Heidelberg (2003)CrossRefGoogle Scholar
  10. 10.
    Johansson, E., Pettersson, M., Sagonas, K.: HiPE: A High Performance Erlang system. In: Proceedings of the ACM SIGPLAN Conference on Principles and Practice of Declarative Programming, New York, NY, pp. 32–43. ACM Press, New York (2000)Google Scholar
  11. 11.
    Marlow, S., Wadler, P.: A practical subtyping system for Erlang. In: Proceedings of the ACM SIGPLAN International Conference on Functional Programming, pp. 136–149. ACM Press, New York (1997)Google Scholar
  12. 12.
    Mishra, P., Reddy, U.S.: Declaration-free type checking. In: Proceedings of the Twelfth Annual ACM Symposium on the Principles of Programming Languages, pp. 7–21. ACM Press, New York (1984)Google Scholar
  13. 13.
    Muchnick, S.S.: Advanced Compiler Design & Implementation. Morgan Kaufman Publishers, San Fransisco (1997)Google Scholar
  14. 14.
    Naish, L., Dart, P.W., Zobel, J.: The NU-Prolog debugging environment. In: Porto, A. (ed.) Proceedings of the Sixth International Conference on Logic Programming, pp. 521–536. The MIT Press, Cambridge (1989)Google Scholar
  15. 15.
    Nyström, S.-O.: A soft-typing system for Erlang. In: Proceedings of ACM SIGPLAN Erlang Workshop, pp. 56–71. ACM Press, New York (2003)Google Scholar
  16. 16.
    Pettersson, M., Sagonas, K., Johansson, E.: The HiPE/x86 Erlang compiler: System description and performance evaluation. In: Hu, Z., Rodríguez-Artalejo, M. (eds.) FLOPS 2002. LNCS, vol. 2441, pp. 228–244. Springer, Heidelberg (2002)CrossRefGoogle Scholar
  17. 17.
    Wiger, U., Ask, G., Boortz, K.: World-class product certification using Erlang. SIGPLAN Notices 37(12), 25–34 (2002)CrossRefGoogle Scholar
  18. 18.
    Wright, A., Cartwright, R.: A practical soft type system for Scheme. ACM Trans. Prog. Lang. Syst. 19(1), 87–152 (1997)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2004

Authors and Affiliations

  • Tobias Lindahl
    • 1
  • Konstantinos Sagonas
    • 1
  1. 1.Computing Science, Dept. of Information TechnologyUppsala UniversitySweden

Personalised recommendations